--- loncom/interface/spreadsheet/lonspreadsheet.pm 2003/06/18 19:44:22 1.11 +++ loncom/interface/spreadsheet/lonspreadsheet.pm 2003/06/19 14:52:21 1.12 @@ -1,5 +1,5 @@ # -# $Id: lonspreadsheet.pm,v 1.11 2003/06/18 19:44:22 matthew Exp $ +# $Id: lonspreadsheet.pm,v 1.12 2003/06/19 14:52:21 matthew Exp $ # # Copyright Michigan State University Board of Trustees # @@ -249,21 +249,43 @@ sub handler { ## Check permissions my $allowed_to_edit = &Apache::lonnet::allowed('mgr', $ENV{'request.course.id'}); + # Only those instructors/tas/whatevers with complete access + # (not section restricted) are able to modify spreadsheets. my $allowed_to_view = &Apache::lonnet::allowed('vgr', $ENV{'request.course.id'}); - + if (! $allowed_to_view) { + $allowed_to_view = &Apache::lonnet::allowed('vgr', + $ENV{'request.course.id'}.'/'.$ENV{'request.course.sec'}); + # Those who are restricted by section are allowed to view. + # The routines in lonstatistics which decide which students' + # will be shown take care of the restriction by section. + } # # Only those able to view others grades will be allowed to continue # if they are not requesting their own. - if (($sheettype eq 'classcalc') || - ($name ne $ENV{'user.name'} ) || - ($domain ne $ENV{'user.domain'})) { + if ($sheettype eq 'classcalc') { if (! $allowed_to_view) { $r->print('

Access Permission Denied

'. ''); return OK; } } + if ((($name ne $ENV{'user.name'} ) || + ($domain ne $ENV{'user.domain'})) && $sheettype ne 'classcalc') { + # Check that the student is in their section? + if (exists($ENV{'request.course.sec'}) && + $ENV{'request.course.sec'} ne '' ) { + my $stu_sec = &Apache::lonnet::usection($domain,$name, + $ENV{'request.course.id'}); + if ($stu_sec ne $ENV{'request.course.sec'}) { + $r->print + ('

The student requested is not in your section.

'. + ''); + return OK; + } + } + } + # # Header.... # @@ -376,7 +398,8 @@ ENDSCRIPT } $r->print(''. '
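Review bot: The new branch for another user's non-classcalc sheet (`$name ne $ENV{'user.name'}` or `$domain ne $ENV{'user.domain'}`) never tests `$allowed_to_view`, so the 'vgr' check that the removed condition enforced for this case is gone. A requester with an empty `request.course.sec` skips the section test entirely, and one with a section only has to match the target's section, so unless a later check outside this hunk covers it, either can reach another student's sheet without grade-viewing privilege. Keep the denial condition as `if ($sheettype eq 'classcalc' || $name ne $ENV{'user.name'} || $domain ne $ENV{'user.domain'}) {` around the `! $allowed_to_view` test, and leave the new section comparison as an additional restriction after it. The section-scoped `allowed('vgr', ...)` call also appends `'/'` and `$ENV{'request.course.sec'}` to the course id even when that value is empty or unset, so it should be guarded with the same `exists`/`ne ''` test used lower down. The handler body starts before and continues after this hunk.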
'.$spreadsheet->html_header().''.$html."
\n"); - $r->print(<print(< Last Action:   @@ -384,6 +407,7 @@ ENDSCRIPT END + } $r->rflush(); } else { $r->print('
'.$spreadsheet->html_header().